Thursday, November 13, 2025

Sysinternals Process Explorer 16.43 is the last working version for Windows 7


By Mark Russinovich




Published: November 11, 2025

no longer works on Windows 7. Windows 7 support is finally dead, but why?


Windows OS has over 1.5 billion active users globally as of 2025, and at 2.5% that means 37.5 million are still active Windows 7 users!

The last known version to work on Windows 7 is Process Explorer v16.43, from November 22, 2021.

Get it here: Process Explorer 16.43 | System Monitors (fileeagle.com)

Wednesday, November 12, 2025

Detecting Glassworm malware hidden characters fast using file regex search with grepWin

A number of Visual Studio Code extensions have been infected with Glassworm. Here's a fast way to check whether your repo is infected, using grepWin - Stefans Tools (stefankueng.com), a fast, open-source C grep UI tool for Windows.


How GlassWorm wormed its way back into developers’ code — and what it says about open source security | InfoWorld - 10 Nov 2025

According to the article above, this repo is infected with Glassworm:

ai-driven-dev/vscode (github.com) 

The article below lists the Unicode characters used by Glassworm:

Defending Against Glassworm: The Invisible Malware That's Rewriting Supply Chain Security | Snyk - 3 Nov 2025


The 277 explicit confusable characters used by Glassworm:

  • Bidirectional Unicode controls (U+202A-U+202E, U+2066-U+2069)
  • Zero-width characters (U+200B, U+200C, U+200D)
  • Variation selectors (U+FE00-U+FE0F) — the base 16 selectors
  • Extended Variation Selectors (U+E0100-U+E01EF) — 240 additional characters used in Glassworm
  • No-break space (U+00A0)
  • Word joiner, soft hyphen, and other invisible characters


Here's the grepWin regex for:

  • Bidirectional Unicode controls (U+202A-U+202E, U+2066-U+2069)
  • Zero-width characters (U+200B, U+200C, U+200D)
  • Variation selectors (U+FE00-U+FE0F) — the base 16 selectors

    [\x{202A}-\x{202E}\x{2066}-\x{2069}\x{200B}-\x{200D}\x{FE00}-\x{FE0F}]

Here's the grepWin regex for:

  • Extended Variation Selectors (U+E0100-U+E01EF) — 240 additional characters used in Glassworm

    [\x{E0100}-\x{E01EF}]

GrepWin uses Perl regular expression syntax, where \x without braces reads only two hex digits, so code points above U+00FF have to be written as \x{...}. If the engine matches UTF-16 code units rather than code points, the extended range is the surrogate pair \x{DB40}[\x{DD00}-\x{DDEF}]. Test at https://regex101.com/r/VNSYwc/2 and choose PCRE2.

Here's the result using grepWin with regex search.

GrepWin with Content View selected.  represents found Unicode characters. 
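
The same check as a script, as an added example that is not from the original post: it scans source files for the character ranges listed above and reports each run with its length, so a long invisible run stands out from a single U+FE0F after an emoji. The file suffix list and the sample text are assumptions constructed for illustration.

```python
import sys
from itertools import groupby
from pathlib import Path

# Inclusive code point ranges from the list on this page.
RANGES = [
    (0x202A, 0x202E, "bidi control"),
    (0x2066, 0x2069, "bidi control"),
    (0x200B, 0x200D, "zero-width"),
    (0xFE00, 0xFE0F, "variation selector"),
    (0xE0100, 0xE01EF, "extended variation selector"),
]

def label_of(ch):
    """Return the range label for ch, or None if it is not on the list."""
    cp = ord(ch)
    return next((name for lo, hi, name in RANGES if lo <= cp <= hi), None)

def scan_text(text):
    """Return (line, column, length, label, first_codepoint) for each run of
    consecutive listed characters that share a label."""
    runs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        col = 1
        for label, group in groupby(line, key=label_of):
            chars = list(group)
            if label is not None:
                runs.append((lineno, col, len(chars), label, f"U+{ord(chars[0]):04X}"))
            col += len(chars)
    return runs

def scan_tree(root, suffixes=(".js", ".ts", ".json")):
    """Scan files under root (suffix list is an assumption); map path -> runs."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            runs = scan_text(path.read_bytes().decode("utf-8", errors="replace"))
            if runs:
                report[str(path)] = runs
    return report

# Constructed sample: 12 extended variation selectors hidden inside a string
# literal, then a heart emoji followed by one ordinary U+FE0F.
SAMPLE = ('const a = "' + "".join(chr(0xE0100 + i) for i in range(12)) + '";\n'
          'const b = "\u2764\uFE0F";\n')

if __name__ == "__main__":
    for path, runs in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for line, col, length, label, first in runs:
            print(f"{path}:{line}:{col}: {length} x {label} (starts {first})")
```

Columns are counted in code points, so they can differ from what an editor that counts UTF-16 units displays.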


Sunday, November 9, 2025

Shoppers Drug Mart Phishing email with subject Shoppers Drug Mart Loyalty Program


For the record, this is a general Shoppers Drug Mart phishing email attempt that has recently been going around, with the subject "Shoppers Drug Mart Loyalty Program". What to do? Report it; see the bottom of the page.



From: Shoppers <maybell.idalinepw@sedfhgv.shopmys.best>
Subject: Shoppers Drug Mart Loyalty Program

identified this email as spam




PHISHING LINKS:

1. Hover over image
https://click.convertkit-mail2.com/xxxxx/xxx/xxx#xxxxx

How to tell this is a phishing email?


  1. Check the email address in full; if it's not from the originating company, then it's phishing.
  2. Hover over all links in the email; if they don't point to the company's website, then forget it.
  3. The best way is to view the message source and examine whether the source location and email links are from the domain claimed.

How to examine the email message source?

Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links: anything that does not originate from the domain.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing

If you have received this email, take further 

  1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx